This is the OpenBSD 4.6 release errata & patch list:
For OpenBSD patch branch information, please refer here.
For important packages updates, please refer here.
For errata on a certain release, click below:
2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6, 3.7, 3.8, 3.9, 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 4.7.
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
The patches below are available in CVS via the OPENBSD_4_6 patch branch.
For more detailed information on how to install patches to OpenBSD, please
consult the OpenBSD FAQ.
- 013: RELIABILITY FIX: March 12, 2010 All architectures
Due to a null pointer dereference, it would be possible to crash ftpd when
handling glob(3)'ing requests. This is non-exploitable.
A source code patch exists which remedies this problem.
- 006: SECURITY FIX: March 12, 2010 All architectures
OpenSSL is susceptible to a buffer overflow due to a failure
to check for NULL returns from bn_wexpand function calls.
A source code patch exists which remedies this problem.
- 005: RELIABILITY FIX: January 29, 2010 All architectures
By using ptrace(2) on an ancestor process, a loop in the process tree
could be created, violating assumptions in other parts of the kernel
and resulting in infinite loops.
A source code patch exists which remedies this problem.
- 004: SECURITY FIX: November 26, 2009 All architectures
The SSL/TLS protocol is subject to man-in-the-middle attacks related to
renegotiation (see CVE-2009-3555, draft-ietf-tls-renegotiation-00).
OpenSSL permitted this protocol feature by default and had no way to
disable it.
A source code patch exists which remedies this problem.
- 003: RELIABILITY FIX: October 28, 2009 All architectures
getsockopt(2) with any of IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL,
IP_IPCOMP_LEVEL will crash the system.
A source code patch exists which remedies this problem.
- 002: RELIABILITY FIX: October 05, 2009 i386 only
XMM exceptions are not correctly handled, resulting in a kernel panic.
A source code patch exists which remedies this problem.
- 001: RELIABILITY FIX: July 29, 2009 All architectures
A vulnerability has been found in BIND's named server
(CVE-2009-0696).
An attacker could crash a server with a specially crafted dynamic update message to a
zone for which the server is master.
A source code patch exists which remedies this problem.
www@openbsd.org
$OpenBSD: errata46.html,v 1.8 2010/03/12 13:35:51 jasper Exp $